[isalist] Re: Proxy traffic to private NLB address

  • From: "Mayo, Bill" <bemayo@xxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Sep 2010 17:38:40 -0400

We have put a manual entry in DNS for a name that points to the NLB IP
address.  Via policy, our staff get an entry that points to this name
(nlb-pluto); it is not the FQDN, just the simple computer name.  I can
confirm, though, that when those folks ping the name, it returns the NLB
IP address.  I have no DNS (or WINS) entries at all that point to the
private address that these clients are using, which is what makes me
think that I am somehow inadvertently advertising this in the config.

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jerry Young
Sent: Wednesday, September 29, 2010 5:28 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Proxy traffic to private NLB address


Bill,
 
What's the FQDN of the proxy name?  Or do you specify the IP address for
the clients to use when connecting to the proxy?


On Wed, Sep 29, 2010 at 4:23 PM, Mayo, Bill <bemayo@xxxxxxxxxxxxxxxx>
wrote:


        I have a 2-node ISA Server 2006 NLB used for outbound proxy
requests, and have just discovered that there is at least some proxy
traffic being targeted towards the private addresses used by the NLB NIC
on these servers.  These servers have several NICs and IPs.  I am
seeing traffic being sent to port 8080 on the IP address that is
assigned to the NIC used in the NLB for each of the servers.  The
"advertised" IP address for the NLB points to the internal interface for
the servers, and I am struggling to see where/how the computers in
question are getting the NLB IPs from.  The traffic for the NLBs is
private and not routable on our network.  I would not be surprised to
find that I have something configured wrongly, but I'm only seeing this
for a small percentage of clients that use this proxy.  I used MS
Network Monitor on one of the machines from which I am seeing the
traffic, but it didn't really help clear anything up for me.

        Can anyone advise of a misconfiguration in ISA that would cause
traffic to be targeted to the NLB address, or any other reason?

        Bill Mayo 





-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
